| 1 | # $Id$ |
|---|
| 2 | |
|---|
| 3 | PyKota - Print Quotas for CUPS and LPRng |
|---|
| 4 | |
|---|
| 5 | (c) 2003, 2004, 2005, 2006 Jerome Alet <alet@librelogiciel.com> |
|---|
| 6 | This program is free software; you can redistribute it and/or modify |
|---|
| 7 | it under the terms of the GNU General Public License as published by |
|---|
| 8 | the Free Software Foundation; either version 2 of the License, or |
|---|
| 9 | (at your option) any later version. |
|---|
| 10 | |
|---|
| 11 | This program is distributed in the hope that it will be useful, |
|---|
| 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| 14 | GNU General Public License for more details. |
|---|
| 15 | |
|---|
| 16 | You should have received a copy of the GNU General Public License |
|---|
| 17 | along with this program; if not, write to the Free Software |
|---|
| 18 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|---|
| 19 | |
|---|
| 20 | ============================================================ |
|---|
| 21 | |
|---|
| 22 | Documentation : |
|---|
| 23 | --------------- |
|---|
| 24 | |
|---|
| 25 | pykota.schema : |
|---|
| 26 | |
|---|
| 27 | This file can be used to modify an existing LDAP directory |
|---|
| 28 | to add the necessary object classes and attributes for use |
|---|
| 29 | with PyKota. |
|---|
| 30 | |
|---|
| 31 | Include it in your LDAP server's configuration. |
|---|
| 32 | For example, with OpenLDAP under Debian : |
|---|
| 33 | |
|---|
| 34 | $ cp pykota.schema /etc/ldap/schema |
|---|
| 35 | (no need to do this if you install from PyKota's Debian package) |
|---|
| 36 | |
|---|
| 37 | Then edit /etc/ldap/slapd.conf and add a line to |
|---|
| 38 | include the PyKota schema. You should have something |
|---|
| 39 | like : |
|---|
| 40 | |
|---|
| 41 | # Schema and objectClass definitions |
|---|
| 42 | include /etc/ldap/schema/core.schema |
|---|
| 43 | include /etc/ldap/schema/cosine.schema |
|---|
| 44 | include /etc/ldap/schema/nis.schema |
|---|
| 45 | include /etc/ldap/schema/inetorgperson.schema |
|---|
| 46 | include /etc/ldap/schema/pykota.schema |
|---|
| 47 | |
|---|
| 48 | While this is not mandatory, you may want to create |
|---|
| 49 | some indexes to speed things up a bit : |
|---|
| 50 | |
|---|
| 51 | You should already have these : |
|---|
| 52 | |
|---|
| 53 | index objectClass eq |
|---|
| 54 | index cn pres,eq,sub |
|---|
| 55 | index uid pres,eq,sub |
|---|
| 56 | |
|---|
| 57 | But we recommend that you add these : |
|---|
| 58 | |
|---|
| 59 | index pykotaUserName pres,eq,sub |
|---|
| 60 | index pykotaGroupName pres,eq,sub |
|---|
| 61 | index pykotaPrinterName pres,eq,sub |
|---|
| 62 | index pykotaBillingCode pres,eq,sub |
|---|
| 63 | index pykotaLastJobIdent eq |
|---|
| 64 | |
|---|
| 65 | Now you must ensure that the DNs PyKota will use to bind to |
|---|
| 66 | your OpenLDAP server don't have search queries size limits, |
|---|
| 67 | which gives for example (OpenLDAP 2.1.x or above) : |
|---|
| 68 | |
|---|
| 69 | limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft |
|---|
| 70 | limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft |
|---|
| 71 | |
|---|
| 72 | Where pykotaadmin and pykotauser are the usernames used to bind to your |
|---|
| 73 | OpenLDAP server within PyKota, respectively in complete ReadWrite mode |
|---|
| 74 | (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf). |
|---|
| 75 | |
|---|
| 76 | NB : YOU have to define the ACLs necessary for user pykotaadmin to |
|---|
| 77 | have unlimited Read+Write access to your LDAP tree, and for user |
|---|
| 78 | pykotauser to have unlimited ReadOnly access to your LDAP tree. |
|---|
| 79 | In the sentence above, "unlimited" means no limit with regard to |
|---|
| 80 | the number of records returned by a search operation. Of course |
|---|
| 81 | you may want to restrict the access to only some attributes, but |
|---|
| 82 | this is up to you to decide. That's why we don't suggest any |
|---|
| 83 | ACL there, at least for now. |
|---|
| 84 | |
|---|
| 85 | Now, stop the OpenLDAP server : |
|---|
| 86 | |
|---|
| 87 | $ /etc/init.d/slapd stop |
|---|
| 88 | |
|---|
| 89 | Generate the index files : |
|---|
| 90 | |
|---|
| 91 | $ slapindex |
|---|
| 92 | |
|---|
| 93 | And finally restart the OpenLDAP server : |
|---|
| 94 | |
|---|
| 95 | $ /etc/init.d/slapd start |
|---|
| 96 | |
|---|
| 97 | pykota-sample.ldif : |
|---|
| 98 | |
|---|
| 99 | You can use this file to initialize an LDAP tree for PyKota, if |
|---|
| 100 | you want. |
|---|
| 101 | |
|---|
| 102 | The structure used in this file is NOT mandatory ! |
|---|
| 103 | Provided you put correct parameters into /etc/pykota/pykota.conf, |
|---|
| 104 | you can structure your LDAP directory the way you want. |
|---|
| 105 | |
|---|
| 106 | To use an LDAP directory as the Quota Storage, just modify |
|---|
| 107 | /etc/pykota/pykota.conf to make it contain lines similar to the LDAP |
|---|
| 108 | related ones in conf/pykota.conf.sample, but adapted to your |
|---|
| 109 | own configuration. Also de-activate the PostgreSQL-related lines. |
|---|
| 110 | |
|---|
| 111 | ============================================================ |
|---|
